pkixcertpathvalidatorspi.java
来自「bouncycastle 是一个JAVA安全提供者」· Java 代码 · 共 1,907 行 · 第 1/5 页
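// (excerpt begins inside a method whose signature lies above this page; its visible tail is kept unchanged)
        Iterator it = permitted.iterator();

        while (it.hasNext()) {
            String str = (String)it.next();

            // NOTE(review): plain suffix comparison with no label boundary, so a
            // domain such as "notexample.com" also ends with "example.com". If the
            // set holds bare host names this accepts more than the constraint
            // intends -- confirm how the entries are normalised by the caller.
            if (sub.endsWith(str)) {
                return;
            }
        }

        throw new CertPathValidatorException("Subject email address is not from a permitted subtree");
    }

    /**
     * Rejects an e-mail address whose domain part falls under an excluded subtree.
     *
     * <p>The domain is everything after the first {@code '@'}; when the address
     * has no {@code '@'} the whole string is used, because {@code indexOf}
     * returns -1 and the substring then starts at 0.
     *
     * @param excluded excluded e-mail subtrees; elements are cast to {@code String}
     * @param email    the subject e-mail address under test
     * @throws CertPathValidatorException if the domain ends with any excluded entry
     */
    private void checkExcludedEmail(
        Set excluded,
        String email)
        throws CertPathValidatorException {
        if (excluded.isEmpty()) {
            return;
        }

        String sub = email.substring(email.indexOf('@') + 1);
        Iterator it = excluded.iterator();

        while (it.hasNext()) {
            String str = (String)it.next();

            // NOTE(review): suffix matching over-excludes, which is the safe
            // direction here, but two gaps remain: (1) only the domain part is
            // compared, so an entry that names a complete mailbox (contains '@')
            // can never match; (2) String.endsWith is case-sensitive while host
            // names are not. Presumably callers normalise entries -- verify.
            if (sub.endsWith(str)) {
                throw new CertPathValidatorException("Subject email address is from an excluded subtree");
            }
        }
    }

    /**
     * Placeholder for the permitted-subtree check on an IP address.
     *
     * <p>NOTE(review): this check is not implemented. With a non-empty
     * {@code permitted} set the method still returns normally without looking
     * at {@code ip}, so permitted iPAddress constraints are not enforced by this
     * method (fail-open). RFC 5280 section 4.2.1.10 expects a validator to
     * either process a critical name constraint or reject the certificate;
     * whether a caller compensates is not visible in this excerpt.
     *
     * @param permitted permitted IP subtrees (element type not visible here)
     * @param ip        the address bytes under test; currently unused
     * @throws CertPathValidatorException declared but never thrown at present
     */
    private void checkPermittedIP(
        Set permitted,
        byte[] ip)
        throws CertPathValidatorException {
        if (permitted.isEmpty()) {
            return;
        }

        // TODO: ??? Something here
    }

    /**
     * Placeholder for the excluded-subtree check on an IP address.
     *
     * <p>NOTE(review): this check is not implemented either. An address that
     * lies inside an excluded range is accepted, because nothing is compared and
     * nothing is thrown.
     *
     * @param excluded excluded IP subtrees (element type not visible here)
     * @param ip       the address bytes under test; currently unused
     * @throws CertPathValidatorException declared but never thrown at present
     */
    private void checkExcludedIP(
        Set excluded,
        byte[] ip)
        throws CertPathValidatorException {
        if (excluded.isEmpty()) {
            return;
        }

        // TODO, check RFC791 and RFC1883 for IP bytes definition.
    }

    /**
     * Removes {@code _node} and its descendants from the policy tree and from
     * the per-depth node lists.
     *
     * @param validPolicyTree current root of the valid policy tree, may be null
     * @param policyNodes     one list of nodes per tree depth
     * @param _node           the node to remove; must not be null, since its
     *                        parent is read before any other check
     * @return {@code null} when {@code validPolicyTree} is null or when
     *         {@code _node} has no parent (every list in {@code policyNodes} is
     *         then replaced by a new empty list); otherwise {@code validPolicyTree}
     */
    private PKIXPolicyNode removePolicyNode(
        PKIXPolicyNode validPolicyTree,
        List [] policyNodes,
        PKIXPolicyNode _node) {
        PKIXPolicyNode _parent = (PKIXPolicyNode)_node.getParent();

        if (validPolicyTree == null) {
            return null;
        }

        if (_parent == null) {
            // A node without a parent is treated as the root: the whole tree goes.
            for (int j = 0; j < policyNodes.length; j++) {
                policyNodes[j] = new ArrayList();
            }

            return null;
        } else {
            _parent.removeChild(_node);
            removePolicyNodeRecurse(policyNodes, _node);

            return validPolicyTree;
        }
    }

    /**
     * Removes {@code _node} from the list for its depth, then does the same for
     * each of its children, recursively.
     *
     * @param policyNodes one list of nodes per tree depth
     * @param _node       the subtree root to strip from the lists
     */
    private void removePolicyNodeRecurse(
        List [] policyNodes,
        PKIXPolicyNode _node) {
        policyNodes[_node.getDepth()].remove(_node);

        if (_node.hasChildren()) {
            Iterator _iter = _node.getChildren();

            while (_iter.hasNext()) {
                PKIXPolicyNode _child = (PKIXPolicyNode)_iter.next();
                removePolicyNodeRecurse(policyNodes, _child);
            }
        }
    }

    /**
     * Reports whether the certificate's subject DN equals its issuer DN.
     *
     * <p>Only the names are compared; no signature is verified here.
     */
    private boolean isSelfIssued(
        X509Certificate cert) {
        return cert.getSubjectDN().equals(cert.getIssuerDN());
    }

    /**
     * Reports whether a policy set stands for "any policy": it is null, it
     * contains {@code ANY_POLICY}, or it is empty.
     */
    private boolean isAnyPolicy(
        Set policySet) {
        return policySet == null || policySet.contains(ANY_POLICY) || policySet.isEmpty();
    }

    /**
     * Extracts the algorithm identifier from a public key by parsing its encoded
     * form as a SubjectPublicKeyInfo.
     *
     * @param key the public key to inspect
     * @return the algorithm identifier carried in the key's encoding
     * @throws CertPathValidatorException if the encoding cannot be read; the
     *         underlying {@code IOException} is attached as the cause
     */
    private AlgorithmIdentifier getAlgorithmIdentifier(
        PublicKey key)
        throws CertPathValidatorException {
        try {
            ASN1InputStream aIn = new ASN1InputStream(
                                    new ByteArrayInputStream(key.getEncoded()));

            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());

            return info.getAlgorithmId();
        } catch (IOException e) {
            // Keep the parse failure as the cause so a rejected key can be diagnosed.
            throw new CertPathValidatorException("exception processing public key", e);
        }
    }

    /**
     * Converts a sequence of policy qualifiers into a set of
     * {@code PolicyQualifierInfo} objects.
     *
     * <p>Each element is written to a shared buffer, wrapped from the buffer's
     * bytes, and the buffer is reset before the next element.
     *
     * @param qualifiers the qualifier sequence, may be null
     * @return the qualifier set; empty when {@code qualifiers} is null
     * @throws CertPathValidatorException if an element cannot be encoded or
     *         parsed; the underlying {@code IOException} is attached as the cause
     */
    private final Set getQualifierSet(ASN1Sequence qualifiers)
        throws CertPathValidatorException {
        Set pq = new HashSet();

        if (qualifiers == null) {
            return pq;
        }

        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream aOut = new ASN1OutputStream(bOut);

        Enumeration e = qualifiers.getObjects();

        while (e.hasMoreElements()) {
            try {
                aOut.writeObject(e.nextElement());

                pq.add(new PolicyQualifierInfo(bOut.toByteArray()));
            } catch (IOException ex) {
                // Message text is unchanged; the exception is now chained as well.
                throw new CertPathValidatorException("exception building qualifier set: " + ex, ex);
            }

            bOut.reset();
        }

        return pq;
    }

    /**
     * Looks at the nodes of depth {@code index - 1} for one whose expected
     * policy set contains {@code pOid}, and hangs a new child for that policy
     * under the first such node.
     *
     * <p>The method name suggests step (d)(1)(i) of the certificate processing
     * in the path validation algorithm -- TODO confirm against the caller.
     * Only the first matching node receives a child; the loop returns at once.
     *
     * @param index       depth of the node to create
     * @param policyNodes one list of nodes per tree depth
     * @param pOid        the policy identifier from the certificate
     * @param pq          the qualifier set stored on the new node
     * @return {@code true} if a child was created, {@code false} if no node matched
     */
    private boolean processCertD1i(
        int index,
        List [] policyNodes,
        DERObjectIdentifier pOid,
        Set pq) {
        List policyNodeVec = policyNodes[index - 1];

        for (int j = 0; j < policyNodeVec.size(); j++) {
            PKIXPolicyNode node = (PKIXPolicyNode)policyNodeVec.get(j);
            Set expectedPolicies = node.getExpectedPolicies();

            if (expectedPolicies.contains(pOid.getId())) {
                Set childExpectedPolicies = new HashSet();
                childExpectedPolicies.add(pOid.getId());

                PKIXPolicyNode child = new PKIXPolicyNode(new ArrayList(),
                                                          index,
                                                          childExpectedPolicies,
                                                          node,
                                                          pq,
                                                          pOid.getId(),
                                                          false);
                node.addChild(child);
                policyNodes[index].add(child);

                return true;
            }
        }

        return false;
    }

    /**
     * Looks at the nodes of depth {@code index - 1} for one whose valid policy
     * is {@code ANY_POLICY}, and hangs a new child for {@code _poid} under the
     * first such node.
     *
     * <p>The method name suggests step (d)(1)(ii) of the certificate processing
     * in the path validation algorithm -- TODO confirm against the caller.
     *
     * @param index       depth of the node to create
     * @param policyNodes one list of nodes per tree depth
     * @param _poid       the policy identifier from the certificate
     * @param _pq         the qualifier set stored on the new node
     */
    private void processCertD1ii(
        int index,
        List [] policyNodes,
        DERObjectIdentifier _poid,
        Set _pq) {
        List policyNodeVec = policyNodes[index - 1];

        for (int j = 0; j < policyNodeVec.size(); j++) {
            PKIXPolicyNode _node = (PKIXPolicyNode)policyNodeVec.get(j);
            // Read but not used below; kept as in the original.
            Set _expectedPolicies = _node.getExpectedPolicies();

            if (ANY_POLICY.equals(_node.getValidPolicy())) {
                Set _childExpectedPolicies = new HashSet();
                _childExpectedPolicies.add(_poid.getId());

                PKIXPolicyNode _child = new PKIXPolicyNode(new ArrayList(),
                                                           index,
                                                           _childExpectedPolicies,
                                                           _node,
                                                           _pq,
                                                           _poid.getId(),
                                                           false);
                _node.addChild(_child);
                policyNodes[index].add(_child);

                return;
            }
        }
    }

    // engineValidate is only partly visible on this page: its statements are
    // reproduced unchanged and the method continues past the end of the excerpt.
    public CertPathValidatorResult engineValidate(
        CertPath certPath,
        CertPathParameters params)
        throws CertPathValidatorException, InvalidAlgorithmParameterException {
        if (!(params instanceof PKIXParameters)) {
            throw new InvalidAlgorithmParameterException("params must be a PKIXParameters instance");
        }

        PKIXParameters paramsPKIX = (PKIXParameters)params;
        if (paramsPKIX.getTrustAnchors() == null) {
            throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for path validation");
        }

        //
        // 6.1.1 - inputs
        //

        //
        // (a)
        //
        List certs = certPath.getCertificates();
        int n = certs.size();

        if (certs.isEmpty()) {
            throw new CertPathValidatorException("CertPath is empty", null, certPath, 0);
        }

        //
        // (b)
        //
        Date validDate = paramsPKIX.getDate();

        if (validDate == null) {
            validDate = new Date();
        }

        //
        // (c)
        //
        Set userInitialPolicySet = paramsPKIX.getInitialPolicies();

        //
        // (d)
        //
        TrustAnchor trust = findTrustAnchor((X509Certificate)certs.get(certs.size() - 1), certPath, certs.size() - 1, paramsPKIX.getTrustAnchors());

        if (trust == null) {
            throw new CertPathValidatorException("TrustAnchor for CertPath not found.", null, certPath, -1);
        }

        //
        // (e), (f), (g) are part of the paramsPKIX object.
        //

        Iterator certIter;
        int index = 0;
        int i;
        //Certificate for each interation of the validation loop
        //Signature information for each iteration of the validation loop
        Set subTreeContraints = new HashSet();
        Set subTreeExcludes = new HashSet();

        //
        // 6.1.2 - setup
        //

        //
        // (a)
        //
        List [] policyNodes = new ArrayList[n + 1];
        for (int j = 0; j < policyNodes.length; j++) {
            policyNodes[j] = new ArrayList();
        }

        Set policySet = new HashSet();

        policySet.add(ANY_POLICY);

        PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(), ANY_POLICY, false);

        policyNodes[0].add(validPolicyTree);

        //
        // (b)
        //
        Set permittedSubtreesDN = new HashSet();
        Set permittedSubtreesEmail = new HashSet();
        Set permittedSubtreesIP = new HashSet();

        //
        // (c)
        //
        Set excludedSubtreesDN = new HashSet();
        Set excludedSubtreesEmail = new HashSet();
        Set excludedSubtreesIP = new HashSet();

        //
        // (d)
        //
        int explicitPolicy;
        Set acceptablePolicies = null;

        if (paramsPKIX.isExplicitPolicyRequired()) {
            explicitPolicy = 0;
        } else {
            explicitPolicy = n + 1;
        }

        //
        // (e)
        //
        int inhibitAnyPolicy;

        if (paramsPKIX.isAnyPolicyInhibited()) {
            inhibitAnyPolicy = 0;
        } else {
            inhibitAnyPolicy = n + 1;
        }

        //
        // (f)
        //
        int policyMapping;

        if (paramsPKIX.isPolicyMappingInhibited()) {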